Guidelines And Limitations - Cisco ASA 5505 Configuration Manual

Chapter 5
Configuring the Transparent or Routed Firewall

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

- The firewall mode is set for the entire system and all contexts; you cannot set the mode individually for each context.
- For multiple context mode, set the mode in the system execution space.
- When you change modes, the adaptive security appliance clears the running configuration because many commands are not supported for both modes. This action removes any contexts from running. If you then re-add a context that has an existing configuration that was created for the wrong mode, the context configuration might not work correctly. Be sure to recreate your context configurations for the correct mode before you re-add them, or add new contexts with new paths for the new configurations.

Transparent Firewall Guidelines

Follow these guidelines when planning your transparent firewall network:

- For IPv4, a management IP address is required for both management traffic and for traffic to pass through the adaptive security appliance. For multiple context mode, an IP address is required for each context.
  Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an IP address assigned to the entire device. The adaptive security appliance uses this IP address as the source address for packets originating on the adaptive security appliance, such as system messages or AAA communications.
  The management IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (255.255.255.255).
- For IPv6, at a minimum you need to configure link-local addresses for each interface for through traffic. For full functionality, including the ability to manage the adaptive security appliance, you need to configure a global IP address for the device.
- You can configure an IP address (both IPv4 and IPv6) for the Management 0/0 or Management 0/1 management-only interface. This IP address can be on a separate subnet from the main management IP address.
- The transparent adaptive security appliance uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only.
- In single mode, you can only use two data interfaces (and the dedicated management interface, if available) even if your security appliance includes more than two interfaces.
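
The transparent firewall guidelines above can be checked against an addressing plan before the mode is changed. The following is an added example, not part of the Cisco guide: the plan dictionary, its field names and the sample addresses are hypothetical and are not an ASA or ASDM data format.

```python
import ipaddress

def check_transparent_plan(plan):
    """Return guideline violations for one transparent-mode device or context.
    `plan` is a hypothetical planning record, not an ASA or ASDM data format."""
    problems = []
    # IPv4: a management IP address is required (one per context in multiple mode).
    if not plan.get("mgmt_ip"):
        problems.append("no IPv4 management address")
    else:
        mgmt = ipaddress.ip_interface(f"{plan['mgmt_ip']}/{plan['mgmt_mask']}")
        connected = ipaddress.ip_network(plan["connected_network"])
        if mgmt.network.prefixlen == 32:
            problems.append("management mask is a host subnet (255.255.255.255)")
        elif mgmt.network != connected:
            problems.append(f"management address {mgmt} is not on {connected}")
    # Single mode: two data interfaces only; a dedicated management interface is extra.
    data = plan["data_interfaces"]
    if plan.get("context_mode", "single") == "single" and len(data) > 2:
        problems.append(f"{len(data)} data interfaces planned; single mode allows 2")
    # IPv6: every interface passing through traffic needs a link-local address.
    if plan.get("ipv6"):
        link_local = plan.get("ipv6_link_local", {})
        for name in data:
            addr = link_local.get(name)
            if addr is None or not ipaddress.ip_address(addr).is_link_local:
                problems.append(f"interface {name} has no IPv6 link-local address")
        if not plan.get("ipv6_global"):
            problems.append("no global IPv6 address (needed for full functionality, "
                            "including management)")
    return problems

# Constructed sample plans (private and documentation address ranges).
GOOD = {
    "context_mode": "single", "mgmt_ip": "10.1.1.2", "mgmt_mask": "255.255.255.0",
    "connected_network": "10.1.1.0/24", "data_interfaces": ["inside", "outside"],
    "ipv6": True, "ipv6_global": "2001:db8::2",
    "ipv6_link_local": {"inside": "fe80::1", "outside": "fe80::2"},
}
BAD = {
    "context_mode": "single", "mgmt_ip": "10.1.1.2", "mgmt_mask": "255.255.255.255",
    "connected_network": "10.1.1.0/24", "data_interfaces": ["inside", "outside", "dmz"],
    "ipv6": True, "ipv6_global": None, "ipv6_link_local": {"inside": "fe80::1"},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_transparent_plan(plan) or "ok")
```
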

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), Configuring the Firewall Mode
